changeset 39557:ce20caecacbd

narrow: validate patterns on incoming bundle2 part The remote data is untrusted and needs to be validated for pattern conformance. Differential Revision: https://phab.mercurial-scm.org/D4525
author Gregory Szorc <gregory.szorc@gmail.com>
date Tue, 11 Sep 2018 10:59:21 -0700
parents 8d8e61df8259
children 8301741e1f89
files hgext/narrow/narrowbundle2.py
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/hgext/narrow/narrowbundle2.py	Tue Sep 11 15:28:41 2018 -0700
+++ b/hgext/narrow/narrowbundle2.py	Tue Sep 11 10:59:21 2018 -0700
@@ -195,6 +195,9 @@
 def _handlechangespec_2(op, inpart):
     includepats = set(inpart.params.get(_SPECPART_INCLUDE, '').splitlines())
     excludepats = set(inpart.params.get(_SPECPART_EXCLUDE, '').splitlines())
+    narrowspec.validatepatterns(includepats)
+    narrowspec.validatepatterns(excludepats)
+
     if not repository.NARROW_REQUIREMENT in op.repo.requirements:
         op.repo.requirements.add(repository.NARROW_REQUIREMENT)
         op.repo._writerequirements()